• 전기전자학회논문지
• /
• 제26권4호
• /
• pp.622-627
• /
• 2022

본 논문에서는 공격 횟수와 공격 유형을 모두 고려하여 차량 내 네트워크에서 해킹을 탐지하는 침입 탐지 시스템의 성능을 개선하는 기법을 제안한다. 침입 탐지 시스템에서 침입을 정상으로 잘못 인식하는 FNR(False Negative Rate)과 정상을 침입으로 잘못 인식하는 FPR(False Positive Rate)은 모두 차량의 안전에 큰 영향을 미친다. 본 논문에서는 일정 홧수 이상 공격으로 탐지된 데이터 프레임을 자동적으로 공격으로 처리하며, 자동 공격으로 판단하는 방법도 공격 유형에 따라 다르게 적용함으로서 FNR과 FPR을 모두 개선하는 침입 탐지 기법을 제안하였다. 시뮬레이션 결과 제안하는 기법은 DoS(Denial of Service) 공격과 Spoofing 공격에서 FNR과 FPR을 효과적으로 개선할 수 있었다.

• Journal of Chest Surgery
• /
• 제29권1호
• /
• pp.52-58
• /
• 1996

Sixty six patients who were operated as lung cancer during the period from Mar. 1991 to Sep. 1993 at the department of Thoracic and cardiovascular surgery, were reviewed retrospectively and the accuracy of regional lymph node in preoperative CT were compared with histopathologlc report obtained from operation. The age ranged from 30 to 72 years old (mean age : 56.5), and 51 patients were male and 15 patients were female. The author analysed the true positive, true negative, false positive and false negative and sensitivity, specificity, positive predictive index, negative predictive index and accuracy of each nodes. The result is that there were differences between seven nodal groups in specificity, sensitivity, positive predictive Index, negative predictive index and accuracy. The range of each nodal group is from 81.7 to 98.3% The nodes of the most poor accuracy are aortopulmonary area and hilar area.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권7호
• /
• pp.1721-1736
• /
• 2013

Black and gray hole attack is one kind of routing disturbing attacks and can bring great damage to the network. As a result, an efficient algorithm to detect black and gray attack is important. This paper demonstrate an adaptive approach to detecting black and gray hole attacks in ad hoc network based on a cross layer design. In network layer, we proposed a path-based method to overhear the next hop's action. This scheme does not send out extra control packets and saves the system resources of the detecting node. In MAC layer, a collision rate reporting system is established to estimate dynamic detecting threshold so as to lower the false positive rate under high network overload. We choose DSR protocol to test our algorithm and ns-2 as our simulation tool. Our experiment result verifies our theory: the average detection rate is above 90% and the false positive rate is below 10%. Moreover, the adaptive threshold strategy contributes to decrease the false positive rate.

• 한국방송∙미디어공학회:학술대회논문집
• /
• 한국방송공학회 2013년도 하계학술대회
• /
• pp.52-55
• /
• 2013

본 논문은 Boosted Random Ferns 기반의 회전 불변 얼굴 검출 방법을 제안한다. 기존 Random Ferns 의 경우 특징값을 추출할 때 임의로 선택한 두 픽셀의 밝기값 비교를 통하여 이진 특징값을 추출한다. 이 경우 해당 픽셀의 밝기값에 잡음이 포함되면 특징값이 부정확하게 추출되는 문제가 있다. 본 논문에서는 이러한 문제를 해결하기 위하여 임의로 두 블록을 선택하고 해당 블록내 밝기값의 평균을 비교하여 이진 특징값을 추출하였다. 또한 픽셀 위치를 임의로 선택하여 ferns 를 구성하였던 기존의 방법 대신 최고의 분류 성능을 가지는 fern 들을 이용하여 분류기를 구성하기 위해, AdaBoost 의 방법을 Random Ferns 에 맞게 변경하였다. Boosted Random Ferns 를 트리 구조의 cascade 노드에 방향과 각도에 따라 배치하여 연산 속도를 향상시키고 false-positive를 줄이는 효과를 보았다. CMU Rotated Face Database 를 사용하여 평가하였을 때, 기존 Random Ferns 는 false-positive 의 수가 57 개 일 때 66%의 검출률을 보인 반면, Boosted Random Ferns 는 false-positive 의 수가 45 개 일 때 88%의 검출률을 보였다.

• Journal of information and communication convergence engineering
• /
• 제7권1호
• /
• pp.7-12
• /
• 2009

The advanced computer network and Internet technology enables connectivity of computers through an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and can not detect new hacking patterns, making it vulnerable to previously unidentified attack patterns and variations in attack and increasing false negatives. Intrusion detection and prevention technologies are thus required. We proposed a network based hybrid Probe Intrusion Detection model using Fuzzy cognitive maps (PIDuF) that detects intrusion by DoS (DDoS and PDoS) attack detection using packet analysis. A DoS attack typically appears as a probe and SYN flooding attack. SYN flooding using FCM model captures and analyzes packet information to detect SYN flooding attacks. Using the result of decision module analysis, which used FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained the max-average true positive rate of 97.064% and the max-average false negative rate of 2.936%. The true positive error rate of the PIDuF is similar to that of Bernhard's true positive error rate.

• 한국수의병리학회지
• /
• 제7권1호
• /
• pp.11-15
• /
• 2003

Antigen retrieval (AR) techniques were widely used to recover the antigenicity from the fixed tissues, which were guided by the philosophy of rendering immunohistochemistry (IHC) applicable to routine formalin-fixed, paraffin-embedded tissues for wide application of IHC in research and clinical filed for morphological observation like as anatomy, histology and pathology. Protease antigen recovery (PAR) is an AR technique, which is obtained the antigen retrieve by using enzyme digestion, and commonly used in IHC field. However, during the IHC for the detection of ovine herpesvirus 2 (OvHV-2) antigen, we noted lymphocyte-like cells-specific staining in the infiltrated cells into various organs like as liver and kidney, which was also shown in the IHC tissues with isotype control. However, those signals were not observed in the tissues conducted with in situ hybridization. Therefore, we analyzed the specificity of the IHC detection results. We found that PAR may induce false-positive result during IHC in lymphocyte-like cells, which were infiltrated mainly around vessels and in interstitial tissues. Through the Phenotyping, we realized that those false-positive cells were B-cell-related cells. These results suggest that PAR, a AR using protease, may induce non-specific false-positive reactions during IHC.

• 인터넷정보학회논문지
• /
• 제8권2호
• /
• pp.89-94
• /
• 2007

현재 새로운 스팸 메일 차단 시스템과 다양한 스팸 차단 기술에 대한 연구가 계속되고 있다. 그렇지만, 새로운 유형의 스팸 메일이 등장하면서 스팸 메일 차단률(Spam mail Filtering Rate)과 오인된 메일(False-positive mail) 발생률은 점차적으로 늘어나고 있다. 하지만 기존에 제안된 스팸 메일 필터링 알고리즘은 새로운 유형의 스팸 메일에 대응하기 위해 적용될 알고리즘 수의 증가와 효율적인 스팸 메일 필터링 알고리즘의 대응 관계에 대한 연구 부족으로 인하여 스팸 메일 차단 시스템의 처리 부하는 증가하고 이에 대한 신뢰성은 반감되고 있다. 본 논문에서는 스팸 메일 차단 시스템의 부하 처리 성능 및 신뢰성을 증가시키기 위해 Fit-FA Finder와 Privacy 기반의 오인된 메일을 복구시키는 SMBC플랫폼을 개발하고 성능을 분석하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권5호
• /
• pp.2651-2673
• /
• 2019

In order to detect Denial of Service (DoS) attacks, victim-side detection methods are used popularly such as static threshold-based method and machine learning-based method. However, as DoS attacking methods become more sophisticated, these methods reveal some natural disadvantages such as the late detection and the difficulty of tracing back attackers. Recently, in order to mitigate these drawbacks, source-side DoS detection methods have been researched. But, the source-side DoS detection methods have limitations if the volume of attack traffic is relatively very small and it is blended into legitimate traffic. Especially, with the subtle attack traffic, DoS detection methods may suffer from high false positive, considering legitimate traffic as attack traffic. In this paper, we propose an effective source-side DoS detection method with traffic seasonality aware adaptive threshold. The threshold of detecting DoS attack is adjusted adaptively to the fluctuated legitimate traffic in order to detect subtle attack traffic. Moreover, by understanding the seasonality of legitimate traffic, the threshold can be updated more carefully even though subtle attack happens and it helps to achieve low false positive. The extensive evaluation with the real traffic logs presents that the proposed method achieves very high detection rate over 90% with low false positive rate down to 5%.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권3호
• /
• pp.1284-1297
• /
• 2019

The network environment is presently becoming very increased. Accordingly, the study of traffic classification for network management is becoming difficult. Automatic signature extraction system is a hot topic in the field of traffic classification research. However, existing automatic payload signature generation systems suffer problems such as semi-automatic system, generating of disposable signatures, generating of false-positive signatures and signatures are not kept up to date. Therefore, we provide a fully automatic signature update system that automatically performs all the processes, such as traffic collection, signature generation, signature management and signature verification. The step of traffic collection automatically collects ground-truth traffic through the traffic measurement agent (TMA) and traffic management server (TMS). The step of signature management removes unnecessary signatures. The step of signature generation generates new signatures. Finally, the step of signature verification removes the false-positive signatures. The proposed system can solve the problems of existing systems. The result of this system to a campus network showed that, in the case of four applications, high recall values and low false-positive rates can be maintained.

• 정보보호학회논문지
• /
• 제16권3호
• /
• pp.65-76
• /
• 2006

본 논문에서는 침입탐지시스템의 탐지 기법인 포트스캔 탐지에 대한 개선 및 포트스캔 탐지 결과와 연계하여 실질적인 공격 탐지 부분인 오남용(Misuse) 탐지 방법의 네트워크 기반 침입탐지시스템에 대한 탐지 능력을 극대화하는 방법에 대해 연구하였다. 또한 침입탐지시스템에서 개선된 포트스캔 탐지를 위해 전처리기인 포트스캔 탐지에 대한 일반적인 정책설정의 문제점과 오남용 탐지 엔진의 false-positive를 최소화하고 포트스캔 탐지와 오남용 탐지의 수행 성능을 높이기 위한 알고리즘을 연구하였다.